Details have emerged of a phishing scam which took place from 2013 until 2015, allegedly run by one 48-year-old man who claimed both Google and Facebook as victims to the tune of £77 million.

Who?

The man currently accused of running a criminal scam (that ironically claimed online security advocates and tech giants Google and Facebook as victims) is Lithuanian man Evaldas Rimasauskas. Mr. Rimasauskas is reported to be currently facing charges of wire fraud, money laundering and aggravated identity theft.

How?

It has been reported that Mr. Rimasauskas allegedly posed as the Asia-based (Taiwanese) electronics manufacturing company Quanta Computer and used phishing emails targeted at employees of the two tech giants to dupe them into wiring a total of £77 million into his account over what is believed to be a two-year period.

Phishing is a well-known and widely used fraudulent practice that relies upon human error: the attacker sends emails purporting to be from reputable companies in order to induce individuals to reveal personal information, or to take other action such as wiring money to the apparent sender.

US Department of Justice (DOJ) reports show that search and social network giants Google and Facebook were likely to have been fooled to such a large degree because the company that Mr. Rimasauskas was allegedly pretending to be from (Quanta) was one which normally conducted multimillion-dollar transactions with them, and also had other tech giants such as Apple as clients.

Recent media reports of the details of the case against Mr. Rimasauskas show that he allegedly used a whole series of forged invoices, contracts and letters that had been made to look as though they had come from Quanta, and were allegedly falsely executed and signed by executives and agents of Facebook and Google.

Common

KPMG figures show that the value of (reported) fraud committed in the UK last year exceeded £1.1bn, which is part of a 55% year-on-year rise, and can be attributed to the huge growth of cybercrime.

The now all-too-common ways in which companies are duped include the hacking of company executives’ email accounts to send emails asking employees to send or wire money. Many attackers use time-sensitive requests at close-of-business hours (to make it difficult for victims to check and verify), and take advantage of periods of uncertainty for staff, e.g. during mergers.

Detected

It has been reported that Google eventually detected the scam and alerted the authorities. Although a large-scale fraud made the news earlier this year, Google and Facebook were not named as victims at the time. Both Google and Facebook are reported to have recouped the losses incurred by the fraud.

What Does This Mean For Your Business?

You could be forgiven for asking: if Google and Facebook can fall victim to online scammers to such a degree, what chance do the rest of us have? It is important to remember, however, that phishing scams and CEO frauds of this kind rely upon human error to work. Educating and training all staff to be able to spot possible fraudulent tactics, and encouraging and empowering them to question and refer any suspicious activity, can help to protect your business. Having clear systems for staff to follow, including carefully verifying new payment requests before authorising them, and continuously promoting online vigilance can be well worth the effort.